role-creator

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE

Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill uses several bash scripts (install_role.sh, validate_role.sh, write_role_config.sh) to perform its primary functions. These scripts manipulate local TOML files with tomlq and jq. This behavior is transparent and matches the skill's stated purpose of managing agent configurations.
  • [DATA_EXPOSURE] (SAFE): The skill manages files within the user's home directory (~/.codex/). It reads and writes configuration data but does not access sensitive system files such as SSH keys or AWS credentials. It includes a backup step (cp "$config_path" "$backup_path") that guards against accidental data loss during configuration updates.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill exposes a surface for indirect prompt injection by letting users define 'developer_instructions' that are later written into configuration files. Although these instructions could carry malicious directives for future agent sessions, the skill itself treats the data as opaque strings and applies proper TOML escaping (via tomlq), so no syntax-level injection is possible during the configuration step.
  • [EXTERNAL_DOWNLOADS] (SAFE): No remote downloads or network operations (such as curl or wget) were found in any of the scripts or templates. The skill relies entirely on local tools and files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 01:00 PM